Skip to main content

Data Collection and Usage

We prioritize the privacy and security of all data collected through our camera systems and associated services. Our system is designed to capture images within refrigerated spaces in commercial environments, such as supermarkets and stores, for stock monitoring purposes.

Device Captured Data

The camera system does not have any personally identifiable information or store information stored in the device itself. It does not have any capabilities to track individuals or information about them. It captures:

Still images

  • No video or audio is recorded, and the device does not have such capabilities
  • Images are typically taken at door open facing the inside contents of the refrigerator/freezer -- strictly for the purpose of stock monitoring
  • Cameras are inward facing to ensure only the content of the refrigerator/freezer are captured
  • Images are generally captured once or twice a day on pre-scheduled time

Other Data

  • Periodic temperature readings
  • Door open/close timestamps

Personal Data

To provide access to our services for licensed users, we collect personal information such as usernames and email addresses. We may also log browser and IP address information for security and auditing purposes. Logging is done in compliance with GDPR's data minimization principles, ensuring that only essential data is collected and retained.

Customer-Provided Data

Our customers provide data related to outlets (stores), products, and planograms to enable us to process images effectively. Occasionally, customers may also provide contact information for store managers or sales personnel to facilitate notifications. This data is explicitly used for fulfilling contractual obligations and legitimate interests of the stock monitoring services only.

Accidental Capture of Personal Data (Photos)

In rare instances, images might capture parts of individuals' bodies. We employ AI technology to automatically remove such data. Images are processed to ensure that any accidentally captured personal information is deleted or anonymized as soon as possible.

Data Usage and Access

The data we collect is used exclusively to deliver our stock monitoring services. Specifically:

  • Service Provision: Personal data is utilized to grant access to authorized users and notify them of necessary actions.

  • Internal and External Access: Data access is strictly limited to authorized users, including our customers' designated personnel, our internal teams, and approved subcontractors, all of whom are bound by confidentiality agreements and GDPR compliance.

  • Develop and improve products and services: The stock related data such as product information may be used to improve our recognition services. Anonymized data logs may be used to improve the performance of specific areas of our applications and services.

  • Tracking and analyzing usage of services: Cookies and application logs are used to monitor and analyze the usage of our applications and services only. We do not track anonymous users and only authorized users are tracked.

Data Storage Location

Data is stored in the USA with a geo-redundant failover site in Australia. Alternate storage location may be agreed upon based on agreements. All the data is encrypted in transit using mechanisms such as TLS security protocols.

Data Protection and GDPR Compliance

We are fully committed to GDPR compliance and protecting the privacy of all individuals:

  • Data Security: All personal data is stored securely, and access is restricted to authorized personnel only. We employ state-of-the-art encryption and access control mechanisms to safeguard the data. The access to infrastructure is limited based on the location and user accounts. Data transfer in transit is encrypted using mechanisms such as TLS.

  • Data Minimization: We only collect the minimum necessary personal information required to provide our services. Regular reviews are conducted to ensure that only necessary data is retained, and unnecessary information is removed.

  • Rights of Data Subjects: Individuals have the right to access, rectify, or request the deletion of their personal data. Requests can be directed to our Data Protection Officer at mail@coolrgroup.com or to general support at support@coolrgroup.com. We have a 7-day turn-around time for any such requests.

  • Data Retention: Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Logs are stored for a maximum of 6 months.

  • Data Breach Protocol: In the unlikely event of a data breach, we have protocols in place to promptly notify affected individuals and the relevant supervisory authority, as required by GDPR.

Competition Law and Image Processing Architecture

At CoolR, compliance with competition law and GDPR is not a feature - it is a design principle. Given recent industry discussions around image-based retail intelligence and competition law obligations in EU markets, we want to proactively share our architectural position and the reasoning behind it. The information in this section is provided for general informational purposes only and does not constitute legal advice.

Our Current Approach

CoolR's computer vision platform is trained exclusively on each client's own SKU catalog. Any product outside that catalog is classified as "Unknown / Foreign Item" at the point of inference. No competitor brand identification, product matching, or metadata enrichment is performed. What is retained and exported contains no competitive attribution of any kind.

The regulatory question that matters is not whether a camera captures a full shelf - it does. The question is whether the system identifies, retains, trains on, or acts on competitor product data. Our system does not perform any of these actions.

This architecture was designed with the goal of supporting compliance with competition law requirements in EU markets and of avoiding the need for post-capture remediation, based on our current understanding of those requirements.

On Blurring – A Note of Caution

We are aware that some approaches to competition law compliance involve blurring competitor products in captured images. We want to be transparent about our assessment of this approach.

To blur a competitor product, a system must first detect and locate it. That detection step—even if shape-based and brand-agnostic—constitutes a form of processing of third-party product data. Depending on implementation, this may create obligations under GDPR as incidental data processing and may introduce, rather than eliminate, competition law exposure.

CoolR's position is that structural non-identification—where competitor products are never processed, classified, or acted upon—can offer a stronger and cleaner compliance posture than post-capture blurring, depending on the applicable legal framework and specific implementation. Whether this approach is appropriate or sufficient must be assessed by each client together with their own legal counsel.

We recommend any client evaluating blurring as a compliance measure seek independent legal confirmation that it satisfies their specific regulatory obligations before requiring it of their technology vendors.

Our Commitment

CoolR will not implement any architectural change that creates compliance exposure for our clients or for ourselves without formal legal review. If you have questions about how our platform handles image data in your specific market, we are happy to provide a written technical statement for your legal team's records.

Third-Party Processing

We may share data with third-party service providers (subcontractors) for processing on our behalf. All third-party processors are carefully vetted to ensure GDPR compliance and are contractually obligated to adhere to our data protection standards.

Contact Information

For any queries or concerns regarding your personal data or our data protection practices, please contact our Data Protection Officer at mail@coolrgroup.com.